[Bug 894170] Re: libdvdread core dumps with invalid next size

Bryce Harrington 894170 at bugs.launchpad.net
Thu May 17 23:51:08 UTC 2012 

@ricky, huh didn't see your comment #9 until now.

Totally understand not wanting to be on too many lists (I feel the
same).  However I've found this one to be reasonable (couple emails a
week).  In any case I don't really mind forwarding patches there myself
and so can take care of that end.

If you're ever looking for other troublesome movies to work on you can just look at the bugs that have been filed:
https://bugs.launchpad.net/ubuntu/+source/libdvdread/

For instance
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/377414 appears
to affect a lot of mainstream movies.
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/590983 is
another common one.

Anyway, looks like the sru for oneiric has already been uploaded.  natty
is pretty long in the tooth so not really worth SRUing that.  So I'm
going to close out this bug.  Thanks everyone.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/894170

Title:
  libdvdread core dumps with invalid next size

Status in “libdvdread” package in Ubuntu:
  Fix Released
Status in “libdvdread” source package in Natty:
  Won't Fix
Status in “libdvdread” source package in Oneiric:
  Fix Committed

Bug description:
  SRU Request:

  Impact: Oneiric cannot read certain dvds, including "The Express".

  Development fix: This is fixed in Precise with the minimal patch
  provided in this bug.

  Stable fix: An identical minimal patch has been applied to the Oneiric
  package

  Test Case: Unfortunately, someone needs to try playing the "The
  Express" DVD to test this updated package

  Regression potential: Although unlikely, this patch may prevent other
  DVDs from playing, in which case the patch can be backed out.

  
  Description:    Ubuntu 11.04
  Release:        11.04

  When reading dvd 'The Express' via dvdbackup -I, I get a core dump:
  *** glibc detected *** dvdbackup: free(): invalid next size (normal): 0x0000000002ccef70 ***

  Using Valgrind, I was able to track down the culprit, in the file
  ifo_read.c, function ifoRead_TT_SRPT, where a structure array is
  allocated, but another variable, extracted from the DVD info
  determines the lenght of the array, resulting in read/writes beyond
  the array. I truncate the read, but perhaps a better solution would be
  to expand the malloc to include the data off the DVD. I believe that,
  however could lead to out of memory errors if the DVD data was
  bad/invalid.

  With the applied patch, dvdbackup no longer segfaults.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libdvdread/+bug/894170/+subscriptions

More information about the Ubuntu-sponsors mailing list